LkmPlugin.dll

What this program actually does

LkmPlugin.dll implements LOFN (License/OAuth Flow Network) key management and exposes seat security state to external consumers via named-pipe APIs. It serves as the bridge between GciPlugin's cloud-check/patching logic and clients that need LOFN JWK material, patching state, or JSON-RPC security queries.

On PluginStart it spins up two concurrent pipe server threads: a legacy binary protocol (LegacyPipeApi) and a JSON-RPC protocol (JsonRpcPipeApi). MB endpoint: LkmPlugin. Build: version 1.0 2026-04-07-b253f97.

---

Architecture / control flow

NvContainerGcis.exe
  └─ LkmPlugin.dll
        ├─ GcisPluginTaskQueue / GSConfigClient
        ├─ PluginStart (early, before config re-fetch):
        │     ├─ LegacyPipeApi thread → CreateNamedPipeA, binary exchange
        │     └─ JsonRpcPipeApi thread → JSON-RPC over named pipe
        ├─ LOFN state machine
        │     ├─ GetLofnData / SetLofnData (via GciPlugin GCIS API)
        │     ├─ Challenge URL handling (LofnDataMessage)
        │     └─ JWK material (GSEC_LKM_Error_UnableToSetLofnJwk)
        ├─ Cloud-check coordination
        │     └─ ConfigureCloudCheck, CloudCheckProcessDataMessage
        └─ GsecTasTelemetry

Key RTTI/strings: LegacyPipeApi, JsonRpcPipeApi, LkmPluginPipeApi, CreateNamedPipeA.

---

External interfaces

Named-pipe APIs

API	Protocol	Purpose
LegacyPipeApi	Fixed-size binary frames (min 16 bytes)	Legacy LOFN/patching clients
JsonRpcPipeApi	JSON-RPC over pipe	Modern clients; cloud-check queries

Log strings: Waiting for a client to connect, LegacyPipeApiExchange, JSON-RPC PipeApiExchange, JSON-RPC Input:.

GCIS Service API (via GciPlugin)

Message	Purpose
GetLofnData / SetLofnData	LOFN key exchange
GetPatchingState	Seat patching state for pipe consumers
Cloud-check messages	Process validation callbacks

Message Bus

• Endpoint: LkmPlugin
• Parses bus messages: GSEC_LKM_Error_FailedToParseBusMessage, MalformedRequestReceived

---

Runtime timeline

Time (UTC)	Event	Source
19:04:52.649	Module LkmPlugin, init OK	LkmPluginCurrent.log
19:04:52.883	PluginStart: Legacy + JSON-RPC pipe threads start	LkmPluginCurrent.log
19:04:52.884	Both pipes waiting for client connection	LkmPluginCurrent.log
19:04:52.972	TAS session initiated	LkmPluginCurrent.log
19:04:53.025	GcisConfigData not found → Failed to start LkmPlugin	LkmPluginCurrent.log
19:04:53.028	LkmPlugin first to report mandatory failure (Starting)	NvContainerGcis.log
19:04:53.057	Stop: pipe threads get shutdown connect; legacy "data size < 16", JSON "unexpected end of text"	LkmPluginCurrent.log

Note: pipe threads start before the failing GcisConfigData fetch — they briefly accept connections during teardown.

---

Failure modes

Error string	Meaning
GSEC_LKM_Error_LofnDataNotSet	LOFN keys not provisioned
GSEC_LKM_Error_MalformedLofnDataMessage	Invalid LOFN protobuf
GSEC_LKM_Error_EmptyChallengeUrlReceivedInLofnDataMessage	Missing OAuth challenge URL
GSEC_LKM_Error_UnableToSetLofnJwk	JWK write failure
GSEC_LKM_Error_UpdatePatchingStateFailed	Patching state sync failed
GSEC_LKM_Error_FailedToParseResponseFromGciPlugin	GciPlugin RPC response invalid
GSEC_LKM_Error_LegacyPipeApiFailedToCreatePipe	Named pipe creation failed
GSEC_LKM_Error_JsonRpcPipeApiInvalidRequestError	Bad JSON-RPC payload
GSEC_LKM_Error_JsonRpcPipeApiCloudCheckFailed	Cloud-check RPC error
LegacyPipeApi: Received data size is less than 16	Truncated legacy frame (seen on shutdown)
Missing GcisConfigData	PluginStart abort (observed)

---

Not verified

• Exact pipe names (not in log strings; likely derived from seat/instance ID).
• JSON-RPC method catalog (only error paths recovered).
• LOFN OAuth flow sequence with external identity provider.
• Whether pipe APIs are reachable from user session or SYSTEM-only.

---

Evidence

• strings / RTTI on services/GCIS/plugins/LkmPlugin.dll
• logs/GCIS/LkmPluginCurrent.log, LkmPluginOld.log
• logs/GCIS/NvContainerGcis.log
• logs/GSP/GSConfiguratorPluginCurrent.log